Filter expressions
Many commands in the mitmproxy tool make use of filter expressions. Filter expressions consist of the following operators:
| ~a | Match asset in response: CSS, JavaScript, images, fonts. |
|---|---|
| ~all | Match all flows |
| ~b regex | Body |
| ~bq regex | Request body |
| ~bs regex | Response body |
| ~c int | HTTP response code |
| ~comment regex | Flow comment |
| ~d regex | Domain |
| ~dns | Match DNS flows |
| ~dst regex | Match destination address |
| ~e | Match error |
| ~h regex | Header |
| ~hq regex | Request header |
| ~hs regex | Response header |
| ~http | Match HTTP flows |
| ~m regex | Method |
| ~marked | Match marked flows |
| ~marker regex | Match marked flows with specified marker |
| ~meta regex | Flow metadata |
| ~q | Match request with no response |
| ~replay | Match replayed flows |
| ~replayq | Match replayed client request |
| ~replays | Match replayed server response |
| ~s | Match response |
| ~src regex | Match source address |
| ~t regex | Content-type header |
| ~tcp | Match TCP flows |
| ~tq regex | Request Content-Type header |
| ~ts regex | Response Content-Type header |
| ~u regex | URL |
| ~udp | Match UDP flows |
| ~websocket | Match WebSocket flows |
| ! | unary not |
| & | and |
| | | or |
| (...) | grouping |
- Regexes are Python-style.
- Regexes can be specified as quoted strings.
- Regexes are case-insensitive by default.1
- Header matching (~h, ~hq, ~hs) is against a string of the form “name: value”.
- Strings with no operators are matched against the request URL.
- The default binary operator is &.
View flow selectors
In interactive contexts, mitmproxy has a set of convenient flow selectors that operate on the current view:
| @all | All flows |
|---|---|
| @focus | The currently focused flow |
| @shown | All flows currently shown |
| @hidden | All flows currently hidden |
| @marked | All marked flows |
| @unmarked | All unmarked flows |
These are frequently used in commands and key bindings.
Examples
URL containing “google.com”:
google\.com
Requests whose body contains the string “test”:
~q ~b test
Anything but requests with a text/html content type:
!(~q & ~t "text/html")
Replace entire GET string in a request (quotes required to make it work):
":~q ~m GET:.*:/replacement.html"
-
This can be disabled by setting
MITMPROXY_CASE_SENSITIVE_FILTERS=1as an environment variable. ↩︎